Skip to content

GitLab

aports
aports
Closed
Opened by Alicha CH@alichaReporter

wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)

CVE-2018-14339: MMSE dissector infinite loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-38.html

CVE-2018-14340: Multiple dissectors could crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-36.html

CVE-2018-14341: DICOM dissector large loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15

Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-39.html

CVE-2018-14342: BGP dissector large loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-34.html

CVE-2018-14343: ASN.1 BER and related dissectors crash.

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-37.html

CVE-2018-14344: ISMP dissector crash.

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-35.html

CVE-2018-14367: CoAP dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-42.html

CVE-2018-14368: Bazaar dissector infinite loop

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-40.html

CVE-2018-14369: HTTP2 dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-41.html

CVE-2018-14370: IEEE 802.11 dissector crash

Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8

Reference:

https://www.wireshark.org/security/wnpa-sec-2018-43.html

(from redmine: issue id 9157, created on 2018-07-30, closed on 2018-07-31)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information